At a Thursday news conference, the FBI and Europol announced that they've jointly seized the world's two biggest darknet - or dark web - marketplaces, AlphaBay and Hansa, which were collectively responsible for more than 10 times the volume of sales as the notorius Silk Road marketplace.

AlphaBay launched in December 2014 and boasted more than 200,000 members and 40,000 vendors. Like Hansa, AlphaBay offered for sale everything from weapons and drugs to healthcare data and counterfeit payment cards.

But AlphaBay went dark over the July 4 weekend, leading users to suspect either that the administrators had committed an "exit scam" - disappearing with the millions of dollars' worth of cryptocurrency being traded between buyers and sellers - or that the site had been shut down as part of a law enforcement operation.

It turns out that AlphaBay was shuttered thanks to an FBI and Drug Enforcement Agency-led operation, called Bayonet, that identified the site's administrator, Canadian citizen Alexandre Cazes, 26. On July 5, at the request of the U.S. Department of Justice, he was detained by police in Thailand, where he was residing (see Darknet Marketplace AlphaBay Offline Following Raids).

Cazes was later found dead in his jail cell, apparently after taking his own life.

In the wake of AlphaBay going offline, security experts predicted many users would flock to alternative marketplaces, including the world's then-largest darknet marketplace, called Hansa.

But it turns out that Dutch police had led an investigation that resulted in the arrest of two Hansa administrators in Germany and the seizure of servers in the Netherlands, Germany and Lithuania. On June 20, Dutch National Police secretly took control of the Hansa marketplace, under Dutch judicial authorization.

Hansa was shut down one month later, on Thursday, July 20. Seizure notices then appeared on the homepages of both AlphaBay and Hansa.

Also on Thursday, Dutch police arrested two alleged Hansa administrators from Siegen, Germany, and seized cryptocurrency accounts worth approximately $2.6 million. Then men, aged 30 and 31, were not named.

Secret Hansa Admins: Dutch Police

For one month, Dutch police watched and recorded everything that happened on Hansa.

"In the past few weeks, the Dutch police collected valuable information on high-value targets and delivery addresses for a large number of orders. Some 10,000 foreign addresses of Hansa market buyers were passed on to Europol," according to a statement released by Europol, which is the EU's law enforcement intelligence agency.

"This is an outstanding success by authorities in Europe and the U.S.," Rob Wainwright, the executive director of Europol, said at the Thursday news conference in Washington, where he appeared alongside the U.S. Attorney General, the acting director of the FBI, and the deputy director of the U.S. Drug Enforcement Administration.

"The capability of drug traffickers and other serious criminals around the world has taken a serious hit today after a highly sophisticated joint action in multiple countries," Wainwright said. "There are more of these operations to come."

The immediate impact of the takedown appears to be significant, in that it has disrupted transactions, resulted in a loss of cryptocurrency for buyers and sellers, as well as potentially outed thousands of darknet marketplace users. "According to Acting FBI Director Andrew McCabe, AlphaBay was 10 times the size of the Silk Road - formerly the largest DDW [darknet and deep web] marketplace that was responsible for over $1 billion in narcotics sales," says Ronnie Tokazowski, a senior malware analyst at security intelligence firm Flashpoint, in a blog post.

Expect Follow-On Investigations

Alan Woodward, a computer science professor at Surrey University who advises Europol - the EU's law enforcement intelligence agency - on cybersecurity, says that police will now be chasing down the leads obtained from this takedown.

Let this sink in for a moment - the Dutch police have been running Hansa for a month so they have all sorts of lovely user details.

Europol says Dutch police reaped a bonanza of intelligence after monitoring Hansa for one month. "It meant the Dutch police could identify and disrupt the regular criminal activity on Hansa but then also sweep up all those new users displaced from AlphaBay who were looking for a new trading platform," according to Europol. "In fact they flocked to Hansa in their droves, with an eight-fold increase in the number of new members of Hansa recorded immediately following the shutdown of AlphaBay."

Europol says that it's supporting ongoing efforts by the FBI, DEA, the Dutch National Police and other agencies and partners "on the forensic work that needs to be performed on huge amounts of seized material."

Darknet Markets: Caveat Emptor

The forum takedowns demonstrate the promise and peril of darknet marketplaces for buyers, sellers and their administrators. On the one hand, such forums offer partial anonymity, bolstered by the pseudo-anonymizing Tor browser and cryptocurrency, and allow people to obtain all manner of illegal merchandise - from illegal narcotics to assault rifles to malware.

On the other hand, when police manage to infiltrate a forum, and can monitor activities on it wholesale, they can easily amass extreme amounts of intelligence that can be used to "follow the money," unmasking numerous forum users at one fell swoop.

About the Author

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.

Operation Success!

Risk Management Framework: Learn from NIST

From heightened risks to increased regulations, senior leaders at all levels are pressured to
improve their organizations' risk management capabilities. But no one is showing them how -
until now.

Learn the fundamentals of developing a risk management program from the man who wrote the book
on the topic: Ron Ross, computer scientist for the National Institute of Standards and
Technology. In an exclusive presentation, Ross, lead author of NIST Special Publication 800-37
- the bible of risk assessment and management - will share his unique insights on how to:

Understand the current cyber threats to all public and private sector organizations;

Develop a multi-tiered risk management approach built upon governance, processes and
information systems;

Enter your email address to reset your password

Already have anISMG account?

Forgot Your Password Message:

Contact Us

Already have anISMG account?

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.